package org.apache.hadoop.ipc;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ipc.TestRPC;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.KerberosInfo;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslPlainServer;
import org.apache.hadoop.security.SaslPropertiesResolver;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityInfo;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.TestUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.security.token.TokenSelector;
import org.apache.log4j.Level;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC.class */
public class TestSaslRPC {
    SaslRpcServer.QualityOfProtection[] qop;
    SaslRpcServer.QualityOfProtection expectedQop;
    String saslPropertiesResolver;
    private static final String ADDRESS = "0.0.0.0";
    static final String ERROR_MESSAGE = "Token is invalid";
    static final String SERVER_PRINCIPAL_KEY = "test.ipc.server.principal";
    static final String SERVER_KEYTAB_KEY = "test.ipc.server.keytab";
    static final String SERVER_PRINCIPAL_1 = "p1/foo@BAR";
    static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
    private static Configuration conf;
    private static Pattern BadToken;
    private static Pattern KrbFailed;
    private static Pattern NoTokenAuth;
    private static Pattern NoFallback;
    public static final Log LOG = LogFactory.getLog(TestSaslRPC.class);
    static Boolean enableSecretManager = null;
    static Boolean forceSecretManager = null;
    static Boolean clientFallBackToSimpleAllowed = true;

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$AuthSaslPropertiesResolver.class */
    static class AuthSaslPropertiesResolver extends SaslPropertiesResolver {
        AuthSaslPropertiesResolver() {
        }

        public Map<String, String> getServerProperties(InetAddress inetAddress) {
            HashMap hashMap = new HashMap(getDefaultProperties());
            hashMap.put("javax.security.sasl.qop", SaslRpcServer.QualityOfProtection.AUTHENTICATION.getSaslQop());
            return hashMap;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$BadTokenSecretManager.class */
    public static class BadTokenSecretManager extends TestTokenSecretManager {
        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager
        public byte[] retrievePassword(TestTokenIdentifier testTokenIdentifier) throws SecretManager.InvalidToken {
            throw new SecretManager.InvalidToken(TestSaslRPC.ERROR_MESSAGE);
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$CustomSecurityInfo.class */
    public static class CustomSecurityInfo extends SecurityInfo {
        public KerberosInfo getKerberosInfo(Class<?> cls, Configuration configuration) {
            return new KerberosInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.1
                public Class<? extends Annotation> annotationType() {
                    return null;
                }

                public String serverPrincipal() {
                    return TestSaslRPC.SERVER_PRINCIPAL_KEY;
                }

                public String clientPrincipal() {
                    return null;
                }
            };
        }

        public TokenInfo getTokenInfo(Class<?> cls, Configuration configuration) {
            return new TokenInfo() { // from class: org.apache.hadoop.ipc.TestSaslRPC.CustomSecurityInfo.2
                public Class<? extends TokenSelector<? extends TokenIdentifier>> value() {
                    return TestTokenSelector.class;
                }

                public Class<? extends Annotation> annotationType() {
                    return null;
                }
            };
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks.class */
    static class TestPlainCallbacks {

        /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks$Client.class */
        public static class Client implements CallbackHandler {
            String user;
            String password;

            Client(String str, String str2) {
                this.user = null;
                this.password = null;
                this.user = str;
                this.password = str2;
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(this.user);
                    } else {
                        if (!(callback instanceof PasswordCallback)) {
                            throw new UnsupportedCallbackException(callback, "Unrecognized SASL PLAIN Callback");
                        }
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                }
            }
        }

        /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestPlainCallbacks$Server.class */
        public static class Server implements CallbackHandler {
            String user;
            String password;

            Server(String str, String str2) {
                this.user = null;
                this.password = null;
                this.user = str;
                this.password = str2;
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException, SaslException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                AuthorizeCallback authorizeCallback = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                        Assert.assertEquals(this.user, nameCallback.getName());
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                        if (!this.password.equals(new String(passwordCallback.getPassword()))) {
                            throw new IllegalArgumentException("wrong password");
                        }
                    } else {
                        if (!(callback instanceof AuthorizeCallback)) {
                            throw new UnsupportedCallbackException(callback, "Unsupported SASL PLAIN Callback");
                        }
                        authorizeCallback = (AuthorizeCallback) callback;
                        Assert.assertEquals(this.user, authorizeCallback.getAuthorizationID());
                        Assert.assertEquals(this.user, authorizeCallback.getAuthenticationID());
                        authorizeCallback.setAuthorized(true);
                        authorizeCallback.setAuthorizedID(authorizeCallback.getAuthenticationID());
                    }
                }
                Assert.assertNotNull(nameCallback);
                Assert.assertNotNull(passwordCallback);
                Assert.assertNotNull(authorizeCallback);
            }
        }

        TestPlainCallbacks() {
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestSaslImpl.class */
    public static class TestSaslImpl extends TestRPC.TestImpl implements TestSaslProtocol {
        private List<Server.Call> postponedCalls = new ArrayList();

        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestSaslProtocol
        public SaslRpcServer.AuthMethod getAuthMethod() throws IOException {
            return UserGroupInformation.getCurrentUser().getAuthenticationMethod().getAuthMethod();
        }

        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestSaslProtocol
        public String getAuthUser() throws IOException {
            return UserGroupInformation.getCurrentUser().getUserName();
        }

        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestSaslProtocol
        public String echoPostponed(String str) {
            Server.Call call = (Server.Call) Server.getCurCall().get();
            call.postponeResponse();
            this.postponedCalls.add(call);
            return str;
        }

        @Override // org.apache.hadoop.ipc.TestSaslRPC.TestSaslProtocol
        public void sendPostponed() throws IOException {
            Collections.shuffle(this.postponedCalls);
            Iterator<Server.Call> it = this.postponedCalls.iterator();
            while (it.hasNext()) {
                it.next().sendResponse();
            }
            this.postponedCalls.clear();
        }
    }

    @TokenInfo(TestTokenSelector.class)
    @KerberosInfo(serverPrincipal = TestSaslRPC.SERVER_PRINCIPAL_KEY)
    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestSaslProtocol.class */
    public interface TestSaslProtocol extends TestRPC.TestProtocol {
        SaslRpcServer.AuthMethod getAuthMethod() throws IOException;

        String getAuthUser() throws IOException;

        String echoPostponed(String str) throws IOException;

        void sendPostponed() throws IOException;
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestTokenIdentifier.class */
    public static class TestTokenIdentifier extends TokenIdentifier {
        private Text tokenid;
        private Text realUser;
        static final Text KIND_NAME = new Text("test.token");

        public TestTokenIdentifier() {
            this(new Text(), new Text());
        }

        public TestTokenIdentifier(Text text) {
            this(text, new Text());
        }

        public TestTokenIdentifier(Text text, Text text2) {
            this.tokenid = text == null ? new Text() : text;
            this.realUser = text2 == null ? new Text() : text2;
        }

        public Text getKind() {
            return KIND_NAME;
        }

        public UserGroupInformation getUser() {
            if (this.realUser.toString().isEmpty()) {
                return UserGroupInformation.createRemoteUser(this.tokenid.toString());
            }
            return UserGroupInformation.createProxyUser(this.tokenid.toString(), UserGroupInformation.createRemoteUser(this.realUser.toString()));
        }

        public void readFields(DataInput dataInput) throws IOException {
            this.tokenid.readFields(dataInput);
            this.realUser.readFields(dataInput);
        }

        public void write(DataOutput dataOutput) throws IOException {
            this.tokenid.write(dataOutput);
            this.realUser.write(dataOutput);
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestTokenSecretManager.class */
    public static class TestTokenSecretManager extends SecretManager<TestTokenIdentifier> {
        public byte[] createPassword(TestTokenIdentifier testTokenIdentifier) {
            return testTokenIdentifier.getBytes();
        }

        @Override // 
        public byte[] retrievePassword(TestTokenIdentifier testTokenIdentifier) throws SecretManager.InvalidToken {
            return testTokenIdentifier.getBytes();
        }

        /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
        public TestTokenIdentifier m189createIdentifier() {
            return new TestTokenIdentifier();
        }
    }

    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$TestTokenSelector.class */
    public static class TestTokenSelector implements TokenSelector<TestTokenIdentifier> {
        /* JADX WARN: Multi-variable type inference failed */
        public Token<TestTokenIdentifier> selectToken(Text text, Collection<Token<? extends TokenIdentifier>> collection) {
            if (text == null) {
                return null;
            }
            for (Token<? extends TokenIdentifier> token : collection) {
                if (TestTokenIdentifier.KIND_NAME.equals(token.getKind()) && text.equals(token.getService())) {
                    return token;
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/hadoop/ipc/TestSaslRPC$UseToken.class */
    public enum UseToken {
        NONE,
        VALID,
        INVALID,
        OTHER
    }

    @Parameterized.Parameters
    public static Collection<Object[]> data() {
        ArrayList arrayList = new ArrayList();
        for (SaslRpcServer.QualityOfProtection qualityOfProtection : SaslRpcServer.QualityOfProtection.values()) {
            arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{qualityOfProtection}, qualityOfProtection, null});
        }
        arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{SaslRpcServer.QualityOfProtection.PRIVACY, SaslRpcServer.QualityOfProtection.AUTHENTICATION}, SaslRpcServer.QualityOfProtection.PRIVACY, null});
        arrayList.add(new Object[]{new SaslRpcServer.QualityOfProtection[]{SaslRpcServer.QualityOfProtection.PRIVACY, SaslRpcServer.QualityOfProtection.AUTHENTICATION}, SaslRpcServer.QualityOfProtection.AUTHENTICATION, "org.apache.hadoop.ipc.TestSaslRPC$AuthSaslPropertiesResolver"});
        return arrayList;
    }

    public TestSaslRPC(SaslRpcServer.QualityOfProtection[] qualityOfProtectionArr, SaslRpcServer.QualityOfProtection qualityOfProtection, String str) {
        this.qop = qualityOfProtectionArr;
        this.expectedQop = qualityOfProtection;
        this.saslPropertiesResolver = str;
    }

    @BeforeClass
    public static void setupKerb() {
        System.setProperty("java.security.krb5.kdc", "");
        System.setProperty("java.security.krb5.realm", "NONE");
        Security.addProvider(new SaslPlainServer.SecurityProvider());
    }

    @Before
    public void setup() {
        LOG.info("---------------------------------");
        LOG.info("Testing QOP:" + getQOPNames(this.qop));
        LOG.info("---------------------------------");
        conf = new Configuration();
        conf.set("hadoop.security.authentication", SaslRpcServer.AuthMethod.SIMPLE.toString());
        conf.set("hadoop.rpc.protection", getQOPNames(this.qop));
        if (this.saslPropertiesResolver != null) {
            conf.set("hadoop.security.saslproperties.resolver.class", this.saslPropertiesResolver);
        }
        UserGroupInformation.setConfiguration(conf);
        enableSecretManager = null;
        forceSecretManager = null;
        clientFallBackToSimpleAllowed = true;
    }

    static String getQOPNames(SaslRpcServer.QualityOfProtection[] qualityOfProtectionArr) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        for (SaslRpcServer.QualityOfProtection qualityOfProtection : qualityOfProtectionArr) {
            sb.append(qualityOfProtection.name().toLowerCase());
            i++;
            if (i < qualityOfProtectionArr.length) {
                sb.append(",");
            }
        }
        return sb.toString();
    }

    @Test
    public void testDigestRpc() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        doDigestRpc(new RPC.Builder(conf).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager).build(), testTokenSecretManager);
    }

    @Test
    public void testDigestRpcWithoutAnnotation() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        try {
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[]{new CustomSecurityInfo()});
            doDigestRpc(new RPC.Builder(conf).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager).build(), testTokenSecretManager);
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
        } catch (Throwable th) {
            SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
            throw th;
        }
    }

    @Test
    public void testErrorMessage() throws Exception {
        BadTokenSecretManager badTokenSecretManager = new BadTokenSecretManager();
        boolean z = false;
        try {
            doDigestRpc(new RPC.Builder(conf).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(badTokenSecretManager).build(), badTokenSecretManager);
        } catch (RemoteException e) {
            LOG.info("LOGGING MESSAGE: " + e.getLocalizedMessage());
            Assert.assertEquals(ERROR_MESSAGE, e.getLocalizedMessage());
            Assert.assertTrue(e.unwrapRemoteException() instanceof SecretManager.InvalidToken);
            z = true;
        }
        Assert.assertTrue(z);
    }

    private void doDigestRpc(Server server, TestTokenSecretManager testTokenSecretManager) throws Exception {
        server.start();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        Token token = new Token(new TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        TestSaslProtocol testSaslProtocol = null;
        try {
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, conf);
            Assert.assertEquals(SaslRpcServer.AuthMethod.TOKEN, testSaslProtocol.getAuthMethod());
            Assert.assertEquals(this.expectedQop.saslQop, RPC.getConnectionIdForProxy(testSaslProtocol).getSaslQop());
            testSaslProtocol.ping();
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
        } catch (Throwable th) {
            server.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testPingInterval() throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
        conf.setInt("ipc.ping.interval", 60000);
        configuration.setBoolean("ipc.client.ping", true);
        Assert.assertEquals(60000L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, (UserGroupInformation) null, 0, configuration).getPingInterval());
        configuration.setBoolean("ipc.client.ping", false);
        Assert.assertEquals(0L, Client.ConnectionId.getConnectionId(new InetSocketAddress(0), TestSaslProtocol.class, (UserGroupInformation) null, 0, configuration).getPingInterval());
    }

    @Test
    public void testPerConnectionConf() throws Exception {
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        RPC.Server build = new RPC.Builder(conf).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager).build();
        build.start();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
        Token token = new Token(new TestTokenIdentifier(new Text(currentUser.getUserName())), testTokenSecretManager);
        SecurityUtil.setTokenService(token, connectAddress);
        currentUser.addToken(token);
        Configuration configuration = new Configuration(conf);
        configuration.set("hadoop.rpc.socket.factory.class.default", "");
        Client client = null;
        TestSaslProtocol testSaslProtocol = null;
        TestSaslProtocol testSaslProtocol2 = null;
        TestSaslProtocol testSaslProtocol3 = null;
        int[] iArr = {111222, 3333333};
        try {
            configuration.setInt("ipc.client.connection.maxidletime", iArr[0]);
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol.getAuthMethod();
            client = WritableRpcEngine.getClient(configuration);
            Set connectionIds = client.getConnectionIds();
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            testSaslProtocol2 = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol2.getAuthMethod();
            Assert.assertEquals("number of connections in cache is wrong", 1L, connectionIds.size());
            configuration.setInt("ipc.client.connection.maxidletime", iArr[1]);
            testSaslProtocol3 = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration);
            testSaslProtocol3.getAuthMethod();
            Assert.assertEquals("number of connections in cache is wrong", 2L, connectionIds.size());
            Client.ConnectionId[] connectionIdArr = {RPC.getConnectionIdForProxy(testSaslProtocol), RPC.getConnectionIdForProxy(testSaslProtocol2), RPC.getConnectionIdForProxy(testSaslProtocol3)};
            Assert.assertEquals(connectionIdArr[0], connectionIdArr[1]);
            Assert.assertEquals(connectionIdArr[0].getMaxIdleTime(), iArr[0]);
            Assert.assertFalse(connectionIdArr[0].equals(connectionIdArr[2]));
            Assert.assertNotSame(Integer.valueOf(connectionIdArr[2].getMaxIdleTime()), Integer.valueOf(iArr[1]));
            build.stop();
            if (client != null) {
                client.getConnectionIds().clear();
            }
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            if (testSaslProtocol2 != null) {
                RPC.stopProxy(testSaslProtocol2);
            }
            if (testSaslProtocol3 != null) {
                RPC.stopProxy(testSaslProtocol3);
            }
        } catch (Throwable th) {
            build.stop();
            if (client != null) {
                client.getConnectionIds().clear();
            }
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            if (testSaslProtocol2 != null) {
                RPC.stopProxy(testSaslProtocol2);
            }
            if (testSaslProtocol3 != null) {
                RPC.stopProxy(testSaslProtocol3);
            }
            throw th;
        }
    }

    static void testKerberosRpc(String str, String str2) throws Exception {
        Configuration configuration = new Configuration(conf);
        configuration.set(SERVER_PRINCIPAL_KEY, str);
        configuration.set(SERVER_KEYTAB_KEY, str2);
        SecurityUtil.login(configuration, SERVER_KEYTAB_KEY, SERVER_PRINCIPAL_KEY);
        TestUserGroupInformation.verifyLoginMetrics(1L, 0);
        System.out.println("UGI: " + UserGroupInformation.getCurrentUser());
        RPC.Server build = new RPC.Builder(configuration).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).build();
        TestSaslProtocol testSaslProtocol = null;
        build.start();
        try {
            testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, NetUtils.getConnectAddress(build), configuration);
            testSaslProtocol.ping();
            build.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            System.out.println("Test is successful.");
        } catch (Throwable th) {
            build.stop();
            if (testSaslProtocol != null) {
                RPC.stopProxy(testSaslProtocol);
            }
            throw th;
        }
    }

    @Test
    public void testSaslPlainServer() throws IOException {
        runNegotiation(new TestPlainCallbacks.Client("user", "pass"), new TestPlainCallbacks.Server("user", "pass"));
    }

    @Test
    public void testSaslPlainServerBadPassword() {
        SaslException saslException = null;
        try {
            runNegotiation(new TestPlainCallbacks.Client("user", "pass1"), new TestPlainCallbacks.Server("user", "pass2"));
        } catch (SaslException e) {
            saslException = e;
        }
        Assert.assertNotNull(saslException);
        Assert.assertEquals("PLAIN auth failed: wrong password", saslException.getMessage());
    }

    private void runNegotiation(CallbackHandler callbackHandler, CallbackHandler callbackHandler2) throws SaslException {
        String mechanismName = SaslRpcServer.AuthMethod.PLAIN.getMechanismName();
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{mechanismName}, (String) null, (String) null, (String) null, (Map) null, callbackHandler);
        Assert.assertNotNull(createSaslClient);
        SaslServer createSaslServer = Sasl.createSaslServer(mechanismName, (String) null, "localhost", (Map) null, callbackHandler2);
        Assert.assertNotNull("failed to find PLAIN server", createSaslServer);
        byte[] evaluateChallenge = createSaslClient.evaluateChallenge(new byte[0]);
        Assert.assertNotNull(evaluateChallenge);
        Assert.assertTrue(createSaslClient.isComplete());
        Assert.assertNull(createSaslServer.evaluateResponse(evaluateChallenge));
        Assert.assertTrue(createSaslServer.isComplete());
        Assert.assertNotNull(createSaslServer.getAuthorizationID());
    }

    private static Pattern Denied(SaslRpcServer.AuthMethod authMethod) {
        return Pattern.compile(".*RemoteException.*AccessControlException.*: " + authMethod + " authentication is not enabled.*");
    }

    private static Pattern No(SaslRpcServer.AuthMethod... authMethodArr) {
        return Pattern.compile(".*Failed on local exception:.* Client cannot authenticate via:\\[" + StringUtils.join(authMethodArr, ",\\s*") + "\\].*");
    }

    @Test
    public void testSimpleServer() throws Exception {
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
    }

    @Test
    public void testNoClientFallbackToSimple() throws Exception {
        clientFallBackToSimpleAllowed = false;
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        forceSecretManager = true;
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(NoFallback, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(Denied(SaslRpcServer.AuthMethod.SIMPLE), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
    }

    @Test
    public void testSimpleServerWithTokens() throws Exception {
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        enableSecretManager = true;
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        forceSecretManager = true;
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.OTHER));
    }

    @Test
    public void testSimpleServerWithInvalidTokens() throws Exception {
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        enableSecretManager = true;
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.SIMPLE, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        forceSecretManager = true;
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.SIMPLE, UseToken.INVALID));
    }

    @Test
    public void testTokenOnlyServer() throws Exception {
        assertAuthEquals(Denied(SaslRpcServer.AuthMethod.SIMPLE), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.OTHER));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN), getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.OTHER));
    }

    @Test
    public void testTokenOnlyServerWithTokens() throws Exception {
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
        enableSecretManager = false;
        assertAuthEquals(NoTokenAuth, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
        assertAuthEquals(NoTokenAuth, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.VALID));
    }

    @Test
    public void testTokenOnlyServerWithInvalidTokens() throws Exception {
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
        enableSecretManager = false;
        assertAuthEquals(NoTokenAuth, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
        assertAuthEquals(NoTokenAuth, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.TOKEN, UseToken.INVALID));
    }

    @Test
    public void testKerberosServer() throws Exception {
        assertAuthEquals(Denied(SaslRpcServer.AuthMethod.SIMPLE), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS));
        assertAuthEquals(No(SaslRpcServer.AuthMethod.TOKEN, SaslRpcServer.AuthMethod.KERBEROS), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS, UseToken.OTHER));
        assertAuthEquals(KrbFailed, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS));
        assertAuthEquals(KrbFailed, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS, UseToken.OTHER));
    }

    @Test
    public void testKerberosServerWithTokens() throws Exception {
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS, UseToken.VALID));
        assertAuthEquals(SaslRpcServer.AuthMethod.TOKEN, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS, UseToken.VALID));
        enableSecretManager = false;
        assertAuthEquals(No(SaslRpcServer.AuthMethod.KERBEROS), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS, UseToken.VALID));
        assertAuthEquals(KrbFailed, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS, UseToken.VALID));
    }

    @Test
    public void testKerberosServerWithInvalidTokens() throws Exception {
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS, UseToken.INVALID));
        assertAuthEquals(BadToken, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS, UseToken.INVALID));
        enableSecretManager = false;
        assertAuthEquals(No(SaslRpcServer.AuthMethod.KERBEROS), getAuthMethod(SaslRpcServer.AuthMethod.SIMPLE, SaslRpcServer.AuthMethod.KERBEROS, UseToken.INVALID));
        assertAuthEquals(KrbFailed, getAuthMethod(SaslRpcServer.AuthMethod.KERBEROS, SaslRpcServer.AuthMethod.KERBEROS, UseToken.INVALID));
    }

    @Test(timeout = 10000)
    public void testSaslResponseOrdering() throws Exception {
        SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN, conf);
        UserGroupInformation.setConfiguration(conf);
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        RPC.Server build = new RPC.Builder(conf).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(1).setVerbose(true).setSecretManager(testTokenSecretManager).build();
        build.start();
        try {
            final InetSocketAddress connectAddress = NetUtils.getConnectAddress(build);
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("client");
            createRemoteUser.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.TOKEN);
            Token token = new Token(new TestTokenIdentifier(new Text(createRemoteUser.getUserName())), testTokenSecretManager);
            SecurityUtil.setTokenService(token, connectAddress);
            createRemoteUser.addToken(token);
            createRemoteUser.doAs(new PrivilegedExceptionAction<Void>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    final TestSaslProtocol testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, TestSaslRPC.conf);
                    ExecutorService newCachedThreadPool = Executors.newCachedThreadPool();
                    final AtomicInteger atomicInteger = new AtomicInteger();
                    try {
                        Future[] futureArr = new Future[10];
                        for (int i = 0; i < futureArr.length; i++) {
                            futureArr[i] = newCachedThreadPool.submit(new Callable<Void>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.1.1
                                /* JADX WARN: Can't rename method to resolve collision */
                                @Override // java.util.concurrent.Callable
                                public Void call() throws Exception {
                                    String str = "future" + atomicInteger.getAndIncrement();
                                    Assert.assertEquals(str, testSaslProtocol.echoPostponed(str));
                                    return null;
                                }
                            });
                            try {
                                futureArr[i].get(100L, TimeUnit.MILLISECONDS);
                                Assert.fail("future" + i + " did not block");
                            } catch (TimeoutException e) {
                            }
                        }
                        testSaslProtocol.sendPostponed();
                        for (int i2 = 0; i2 < futureArr.length; i2++) {
                            TestSaslRPC.LOG.info("waiting for future" + i2);
                            futureArr[i2].get();
                        }
                        return null;
                    } finally {
                        RPC.stopProxy(testSaslProtocol);
                        newCachedThreadPool.shutdownNow();
                    }
                }
            });
            build.stop();
        } catch (Throwable th) {
            build.stop();
            throw th;
        }
    }

    private String getAuthMethod(SaslRpcServer.AuthMethod authMethod, SaslRpcServer.AuthMethod authMethod2) throws Exception {
        try {
            return internalGetAuthMethod(authMethod, authMethod2, UseToken.NONE);
        } catch (Exception e) {
            LOG.warn("Auth method failure", e);
            return e.toString();
        }
    }

    private String getAuthMethod(SaslRpcServer.AuthMethod authMethod, SaslRpcServer.AuthMethod authMethod2, UseToken useToken) throws Exception {
        try {
            return internalGetAuthMethod(authMethod, authMethod2, useToken);
        } catch (Exception e) {
            LOG.warn("Auth method failure", e);
            return e.toString();
        }
    }

    private String internalGetAuthMethod(SaslRpcServer.AuthMethod authMethod, SaslRpcServer.AuthMethod authMethod2, UseToken useToken) throws Exception {
        final Configuration configuration = new Configuration(conf);
        configuration.set("hadoop.security.authentication", authMethod2.toString());
        UserGroupInformation.setConfiguration(configuration);
        UserGroupInformation createRemoteUser = authMethod2 == SaslRpcServer.AuthMethod.KERBEROS ? UserGroupInformation.createRemoteUser("server/localhost@NONE") : UserGroupInformation.createRemoteUser("server");
        createRemoteUser.setAuthenticationMethod(authMethod2);
        TestTokenSecretManager testTokenSecretManager = new TestTokenSecretManager();
        boolean z = authMethod2 != SaslRpcServer.AuthMethod.SIMPLE;
        if (enableSecretManager != null) {
            z &= enableSecretManager.booleanValue();
        }
        if (forceSecretManager != null) {
            z |= forceSecretManager.booleanValue();
        }
        final TestTokenSecretManager testTokenSecretManager2 = z ? testTokenSecretManager : null;
        Server server = (Server) createRemoteUser.doAs(new PrivilegedExceptionAction<Server>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public Server run() throws IOException {
                RPC.Server build = new RPC.Builder(configuration).setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl()).setBindAddress("0.0.0.0").setPort(0).setNumHandlers(5).setVerbose(true).setSecretManager(testTokenSecretManager2).build();
                build.start();
                return build;
            }
        });
        final Configuration configuration2 = new Configuration(conf);
        configuration2.set("hadoop.security.authentication", authMethod.toString());
        configuration2.setBoolean("ipc.client.fallback-to-simple-auth-allowed", clientFallBackToSimpleAllowed.booleanValue());
        UserGroupInformation.setConfiguration(configuration2);
        final UserGroupInformation createRemoteUser2 = UserGroupInformation.createRemoteUser("client");
        createRemoteUser2.setAuthenticationMethod(authMethod);
        final InetSocketAddress connectAddress = NetUtils.getConnectAddress(server);
        if (useToken != UseToken.NONE) {
            TestTokenIdentifier testTokenIdentifier = new TestTokenIdentifier(new Text(createRemoteUser2.getUserName()));
            Token token = null;
            switch (useToken) {
                case VALID:
                    token = new Token(testTokenIdentifier, testTokenSecretManager);
                    SecurityUtil.setTokenService(token, connectAddress);
                    break;
                case INVALID:
                    token = new Token(testTokenIdentifier.getBytes(), "bad-password!".getBytes(), testTokenIdentifier.getKind(), (Text) null);
                    SecurityUtil.setTokenService(token, connectAddress);
                    break;
                case OTHER:
                    token = new Token();
                    break;
            }
            createRemoteUser2.addToken(token);
        }
        try {
            LOG.info("trying ugi:" + createRemoteUser2 + " tokens:" + createRemoteUser2.getTokens());
            String str = (String) createRemoteUser2.doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.hadoop.ipc.TestSaslRPC.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public String run() throws IOException {
                    TestSaslProtocol testSaslProtocol = null;
                    try {
                        testSaslProtocol = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class, 1L, connectAddress, configuration2);
                        testSaslProtocol.ping();
                        Assert.assertEquals(createRemoteUser2.getUserName(), testSaslProtocol.getAuthUser());
                        SaslRpcServer.AuthMethod authMethod3 = testSaslProtocol.getAuthMethod();
                        Assert.assertEquals(authMethod3 != SaslRpcServer.AuthMethod.SIMPLE ? TestSaslRPC.this.expectedQop.saslQop : null, RPC.getConnectionIdForProxy(testSaslProtocol).getSaslQop());
                        String authMethod4 = authMethod3.toString();
                        if (testSaslProtocol != null) {
                            RPC.stopProxy(testSaslProtocol);
                        }
                        return authMethod4;
                    } catch (Throwable th) {
                        if (testSaslProtocol != null) {
                            RPC.stopProxy(testSaslProtocol);
                        }
                        throw th;
                    }
                }
            });
            server.stop();
            return str;
        } catch (Throwable th) {
            server.stop();
            throw th;
        }
    }

    private static void assertAuthEquals(SaslRpcServer.AuthMethod authMethod, String str) {
        Assert.assertEquals(authMethod.toString(), str);
    }

    private static void assertAuthEquals(Pattern pattern, String str) {
        if (pattern.matcher(str).matches()) {
            Assert.assertTrue(true);
        } else {
            Assert.assertEquals(pattern, str);
        }
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println("Testing Kerberos authentication over RPC");
        if (strArr.length != 2) {
            System.err.println("Usage: java <options> org.apache.hadoop.ipc.TestSaslRPC  <serverPrincipal> <keytabFile>");
            System.exit(-1);
        }
        testKerberosRpc(strArr[0], strArr[1]);
    }

    static {
        Client.LOG.getLogger().setLevel(Level.ALL);
        Server.LOG.getLogger().setLevel(Level.ALL);
        SaslRpcClient.LOG.getLogger().setLevel(Level.ALL);
        SaslRpcServer.LOG.getLogger().setLevel(Level.ALL);
        SaslInputStream.LOG.getLogger().setLevel(Level.ALL);
        SecurityUtil.LOG.getLogger().setLevel(Level.ALL);
        BadToken = Pattern.compile(".*DIGEST-MD5: digest response format violation.*");
        KrbFailed = Pattern.compile(".*Failed on local exception:.* Failed to specify server's Kerberos principal name.*");
        NoTokenAuth = Pattern.compile(".*IllegalArgumentException: TOKEN authentication requires a secret manager");
        NoFallback = Pattern.compile(".*Failed on local exception:.* Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.*");
    }
}
